Technology

PewDiePie’s Hacker Fans Target Chromecasts, Google Homes, Smart TVs

subscribe to PewDiePie campaign
Image Source: TheHackerGiraffe/YouTube (screenshot)

The ongoing battle between PewDiePie and T-Series continues, and it is reaching new heights in the new year. In 2018 we saw PewDiePie’s fans hack internet-connected printers twice. Now reports indicate that his fans have hacked Google Chromecasts, Google Home smart speakers, and smart TVs to promote their “subscribe to PewDiePie” campaign.

Chromecast, Google Home and smart TVs hacked

There were initially reports that PewDiePie’s fans were hacking Google’s Chromecast streaming devices on Wednesday. The motive was the same as before, which is gathering support for the Swedish YouTuber.

The hacked devices displayed an ad on TVs telling viewers about the ongoing subscriber battle between PewDiePie and T-Series. The message also encourages viewers to subscribe to PewDiePie. Like with the printer hack, this time the hackers also instructed viewers about how to improve the security of their devices.

As users continued to grapple with the Chromecast hack, reports that hackers are also targeting Google Home devices and smart TVs started flooding in. The hack was noticed first by tech site PiunikaWeb, and it was carried out by Twitter users @HackerGiraffe and @j3ws3r. The two also teamed up last year to hack printers worldwide to print flyers in support of PewDiePie

HackerGiraffe claimed responsibility for the latest hack in a tweet, using the hashtag “#CastHack.”

Moreover, all the details about the hack were shared on a page which was updated in real time. The page listed details like the total number of devices hacked in each category and frequently-asked questions.

“What is going on? if you came here because you’re a victim of #CastHack, then know that your Chromecast/SmartTV/GoogleHome is exposed to the public internet, and is leaking sensitive information related to your device and home,”one of the FAQs states.

A harmless hack

Another FAQ informed victims about the information hackers can access due to their lack of security. The page inform victims that hackers don’t have access to other devices on the same network, except for sniffing “information besides WIFI points and Bluetooth devices.” Further, the page states that hackers don’t have access to the user’s personal Google account or Google Home’s microphone. The page also advises users to fix their device security and explains how to do it.

“Disable UPnP on your router, and if you’re port forwarding ports 8008/8443/8009 then STOP forwarding them,” the page says.

The Chromecast and Google Home hacks exploit a router setting which makes these internet-connected devices public. The hackers were then able to change the device’s Wi-Fi name and control it to send their message via a connected TV.

Like the printer incident, Wednesday’s hack was also a harmless one. Except for users panicking when they saw that their device had been hacked, there appears to have been no damage done. HackerGiraffe assured victims that they did not save any information from the affected devices.

As was expected, many Chromecast users approached Google as well to learn about the security settings to prevent such attacks in the future. Google directed users who asked for help on Twitter to a private discussion on the topic. However, on Reddit, Chromecast team members asked for more information from affected users.

Promoting the “subscribe to PewDiePie” campaign wasn’t the only motive

In addition to garnering support for their “subscribe to PewDiePie” campaign, the hackers’ other objective has always been to make users aware of potential security threats and help them plug loopholes.

Moreover, it can be said that the hackers didn’t actually hack the Chromecast and Home speakers. Instead, they just utilized badly-configured routers, which enabled them to pretend they were on the same networks as the devices in question. A Google representative confirmed the same thing to Variety in an email, adding that users can disable Universal Plug and Play (UPnP) to restrict external videos on their devices.

Last month, The Wall Street Journal’s website was also hacked to promote the “subscribe to PewDiePie” campaign. At the time, HackerGiraffe claimed they were not involved in the act.

“The Wall Street [Journal] one was harmful and goes against what we stand for,” HackerGiraffe said.

Meanwhile, the subscriber count battle between PewDiePie and T-Series continues to intensify. On many occasions, the Indian music label has come close to overtaking PewDiePie, but the Swedish YouTuber has managed to retain the lead so far. PewDiePie crossed the 79-million mark last week, but T-Series is following closely behind and is still about a million short, according to Dexerto.